...Unit Plans Unit 1: Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts Confidentiality, integrity, and availability (CIA) concepts Layered security solutions implemented for the seven domains of a typical IT infrastructure Common threats for each of the seven domains IT security policy framework Impact of data classification standard on the seven domains Reading Kim and Solomon, Chapter 1: Information Systems Security. Keywords Use the following keywords to search for additional materials to support your work: Data Classification Standard Information System Information Systems Security Layered Security Solution Policy Framework ------------------------------------------------- Week 1 Assignment (See Below) * Match Risks/Threats to Solutions * Impact of a Data Classification Standard Lab * Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) * Page 7-14 in lab book. Project (See Below) * Project Part 1. Multi-Layered Security Plan ------------------------------------------------- Unit 1 Assignment 1: Match Risks/Threats to Solutions Learning Objectives and Outcomes You will learn how to match common risks or threats within the seven domains of a typical IT infrastructure with solutions and preventative actions...
Words: 1409 - Pages: 6
...NT2580 Ishmael Burch III Project Part 2 Student SSCP Domain Research Paper Remote Access Domain is a domain involving Portable devices that use static IP address like Smart phones Laptop computers PDAs Remote E-mail usage Wireless access to cloud resources. Remote access policies are configured using the RRAS console. They are contained within the Remote Access Policies container under the server node in the console tree. There is a default remote access policy created when the RRAS is installed on a computer. Allow or deny remote access depending on the time or day of the week, the group membership of the remote user, the type of connection (VPN or dial-up), and so on. Administrators can configure remote access settings to specify authentication protocols, and encryption schemes used by clients, maximum duration of a remote access session, etc. A wireless link is likely to be limited in bandwidth error rates on a wireless link is much higher than that of a wired link. Different types of communication paths involved, one of which is radio link, particularly vulnerable to attack. Location privacy, any leakage of specific signaling information on the network can lead to an eavesdropper to approximately “locate” the position of a subscriber and thus hindering the subscriber’s privacy. Securing Internet Communication by using S-HTTP and SSL Secure Socket Layer (SSL) protocol is a protocol that uses public key encryption to secure channel over public Internet. A Secure Hypertext...
Words: 769 - Pages: 4
...countermeasures and prevention techniques for dealing with viruses, worms, logic bombs, Trojan horses, and other related forms of intentionally created deviant code. Introduction Malicious software is written with the intent to damage or infect the system of Richman Investment. Malicious code or software is a threat to any internet-connected device or computer. The main goal of the attack is to affect one of the three information security properties which are Confidentiality, Integrity, and Availability. Confidentiality is affected if the malicious software is successful at disclosing private information. Integrity is compromised if the malware can modify database records either immediately or over a period of time. Availability is affected if malware can erase or overwrite files or inflict considerable damage to storage media. SSCP® Domain Affected Malicious Code and Activity This domain examines the types of Malicious Code and Activities that can threaten the confidentiality, integrity, and availability of a system or information. The SSCP is expected to be familiar with the various types of Malicious Code and know how to implement effective countermeasures to prevent malicious code from operating. The SSCP should also know how to detect, respond and recover from malicious activity on a system whether perpetrated by an internal or external entity and take steps to mitigate the risk of malicious activity. Controls to Protect Against Malicious Code Typical controls...
Words: 953 - Pages: 4
...General Security Plan for Richman Investments The SSCP (Systems Security Certified Practitioner) consists of the following seven domains: 1. Access Controls – policies, standards and procedures that define who users are, what they can do, which resources and information they can access, and what operations they can perform on a system. • Software - PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful guest management options, 802.1X support, layer-2 isolation of problematic devices; PacketFence can be used to effectively secure networks small to very large heterogeneous networks. 2. Security Operations and Administration – identification of information assets and documentation of policies, standards, procedures and guidelines that ensure confidentiality, integrity and availability. • Software - Wireshark is the world's foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. • AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a backup solution that allows the IT administrator to set up a single master backup server to back up multiple hosts over network to tape drives/changers or disks or optical media. Amanda uses native utilities and formats (e.g. dump and/or GNU tar) and can back up a...
Words: 1010 - Pages: 5
